I. REAL PARTY IN INTEREST

The real party in interest for this appeal is: 

Hewlett-Packard Development Company, L.P., a Limited Partnership established 
under the laws of the State of Texas and having a principal place of business at 20555 S.H. 
249, Houston, TX 77070, U.S.A. (hereinafter "HPDC"). HPDC is a Texas limited 
partnership and is a wholly-owned affiliate of Hewlett-Packard Company, a Delaware 
Corporation, headquartered in Palo Alto, CA. The general or managing partner of HPDC is 
HPQ Holdings, LLC. 

II. RELATED APPEALS AND INTERFERENCES 

There are no other appeals, interferences, or judicial proceedings which will directly 
affect or be directly affected by or have a bearing on the Board's decision in this appeal. 

III. STATUS OF CLAIMS 

A. Total Number of Claims in Application 
There are 17 claims pending in application. 

B. Current Status of Claims

1. Claims canceled: None
2. Claims withdrawn from consideration but not canceled: 11-17
3. Claims pending: 1-10
4. Claims allowed: None
5. Claims rejected: 1-10

C. Claims On Appeal

The claims on appeal are claims 1-10.

IV. STATUS OF AMENDMENTS

A Final Office Action rejecting the claims of the present application was mailed 
March 24, 2006. In response, Applicant did not file an Amendment After Final Rejection, 
but instead filed a Notice of Appeal, which this brief supports. Accordingly, the claims on 
appeal are those as rejected in the Final Office Action of March 24, 2006. A listing of the 
claims is provided in the Claims Appendix section of this brief. 

V. SUMMARY OF CLAIMED SUBJECT MATTER 

The following provides a concise explanation of the subject matter defined in the 
independent claim involved in the appeal, referring to the specification by page and line 
number and to the drawings by reference characters, as required by 37 C.F.R. § 41.37. Each
element of the claim is identified by a corresponding reference to the specification and 
drawings where applicable. However, the citation to passages in the specification and 
drawings does not imply that the limitations from the specification and drawings should be 
read into the corresponding claim element. 

According to one claimed embodiment, such as that of independent claim 1, a
network having an intrusion protection system (page 11, lines 3-26; figure 2) comprises a 
network medium (page 11, lines 6 and 7; figure 2, items 55, 56, and 100), a management 
node connected to the network medium and running an intrusion prevention system 
management application (page 15, lines 10-22; figure 1, item 85; figure 5), and a plurality of 
nodes connected to the network medium and running an instance of an intrusion protection
system application (page 14, line 22 — page 15, line 9; figure 1, items 270A-F; figure 4), at 
least one of the nodes having an identification assigned thereto based on a logical assignment 
grouping one or more of the plurality of nodes (page 18, lines 19-23; figure 7), each node 
sharing an identification being commonly vulnerable to at least one network exploit (page 18, 
lines 23-30; figure 7). 

According to another embodiment, such as that of dependent claim 8, a network 
further comprises a network-based intrusion protection system appliance dedicated to 
filtering inbound and outbound data frames transmitted across the network medium (page 16, 
line 35 — page line 30; figure 6, item 180). 

According to another embodiment, such as that of dependent claim 9, a network-based
intrusion protection system appliance interfaces with the network medium via a
network interface card operating in promiscuous mode (page 16, line 35 — page line 30; 
figure 6, item 180). 

According to yet another embodiment, such as that of dependent claim 10, a network-based
intrusion protection system appliance shares an identification (page 20, lines 3-5).

VI. GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

Claims 1-10 stand rejected under 35 U.S.C. § 102(b) as being anticipated by 
Holloway, et al. (U.S. Patent No. 5,905,859, hereinafter Holloway).

VII. ARGUMENT 

Appellant respectfully traverses the outstanding rejections of the pending claims, and 
requests that the Board reverse these rejections in light of the remarks contained herein. The 
claims do not stand or fall together. Instead, Appellant presents separate arguments for 
several claims. Each of the separately argued claims is presented with separate headings
and sub-headings in accordance with 37 C.F.R. § 41.37(c)(1)(vii).

A. Rejection of Claims 1-10 Under 35 U.S.C. § 102 Over Holloway 

Claims 1-10 stand rejected under 35 U.S.C. § 102 as being anticipated by Holloway. 
In order to anticipate a claim under 35 U.S.C. § 102, a single reference must teach each and 
every element of the claim. See Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 
628, 631 (Fed. Cir. 1987). As discussed below, Appellant respectfully submits that Holloway 
fails to teach each and every element of the claims, and respectfully requests that the Board 
overturn these rejections. 

1. Independent Claim 1 and Dependent Claims 2-7 

Claim 1 recites, in part, "a management node connected to the network medium and 
running an intrusion prevention system management application . . . ." The Examiner relies 
upon Holloway's network management station as meeting the claimed management node and
contends that "it is inherent that a detection means application is running." Final Office
Action, page 3. Appellant respectfully disagrees and notes that: 

"[i]n relying upon the theory of inherency, the examiner must provide a basis 
in fact and/or technical reasoning to reasonably support the determination that 
the allegedly inherent characteristic necessarily flows from the teachings of 
the applied prior art." 

Ex parte Levy, 17 USPQ2d 1461, 1464 (Bd. Pat. App. & Inter. 1990) (emphasis in original). 
In the present case, the Examiner has not demonstrated how "a management node . . . running 
an intrusion prevention system management application" necessarily flows from Holloway's
teachings, and thus a proper showing of inherency has not been made. Thus, a proper 
rejection based on inherency has not been established, and should therefore be overturned. 

In addition, Appellant has been unable to find any passage of Holloway which teaches 
that Holloway's network management station may run an intrusion prevention system
management application. See e.g., Holloway, column 4, lines 50-55; figure 1, item 26;
column 5, lines 10-16; figure 3. Holloway's network management station may "monitor the
progress of [a] security breach detected frame." See Holloway, column 6, lines 1-3.
However, merely monitoring the progress of a detected frame does not require or imply the
running of an intrusion prevention system management application. For instance, Holloway's
monitoring of frames by the network management station may serve to monitor that station,
rather than to prevent an intrusion. Accordingly, Appellant respectfully asserts that Holloway
does not teach or suggest a management node running an intrusion prevention system
management application, as recited in claim 1.

Claim 1 also recites, in part, "a plurality of nodes connected to the network medium 
and running an instance of an intrusion protection system application, at least one of the 
nodes having an identification assigned thereto based on a logical assignment grouping one 
or more of the plurality of nodes, each node sharing an identification being commonly 
vulnerable to at least one network exploit." The Examiner relies upon Holloway's managed
hub as meeting the claimed nodes. Final Office Action, page 3. According to Holloway, 

the managed hub determines the interconnect devices in the campus network 
that are capable of supporting the LAN security feature. The managed hub 
periodically sends a discovery frame to the LAN security feature group 
address. The managed hub then uses the responses to build and maintain a
table of interconnect devices in the network that support the security feature. 

Holloway, column 3, lines 26-32. Holloway's managed hubs themselves are not grouped 
together. Rather, Holloway merely discloses that its managed hubs may assemble a list of 
interconnect devices that support a particular security feature. Id. Insofar as the Examiner 
may also be relying upon Holloway's interconnect devices as meeting the claimed nodes,
Appellant notes that Holloway does not teach that such interconnect devices "[run] an
instance of an intrusion protection system application," as recited in claim 1. Moreover,
while Holloway's interconnect devices may be grouped according to their ability to support a
security feature, they are not grouped according to a common vulnerability to a network
exploit, as also recited in claim 1. Thus, Holloway fails to teach all elements of the claim
arranged as required by the claim. 

In response to Appellant's previous remarks, the Examiner has stated that 

"[t]he Examiner believes a hub to be a device that connects several other
devices or nodes (e.g.[,] computers) to a network. Therefore it would be 
inherent in [Holloway] that each hub links a grouping of nodes within the 
campus LAN environment." 

Final Office Action, page 2. First, Appellant respectfully points out that the Examiner has 
previously relied upon Holloway's managed hubs as meeting the claimed nodes. Final Office
Action, page 3. It is inconsistent for the Examiner to also rely on "several other devices" as
meeting the same claimed feature. In any event, the "several other devices" connected to
Holloway's managed hub do not run an instance of an intrusion protection system
application, as recited in claim 1.

Accordingly, for the reasons discussed above, Holloway fails to teach all elements of 
claim 1. Therefore, Appellant respectfully requests that the Board overturn the rejection of 
record with respect to claim 1.

Dependent claims 2-7 depend either directly or indirectly from claim 1, thus
inheriting all of the limitations of that independent claim. As noted above, Holloway does
not teach every element of independent claim 1. Consequently, Holloway also fails to teach
every element of dependent claims 2-7. Therefore, Appellant respectfully requests that the
Board overturn the rejection of record with respect to claims 2-7. 

2. Dependent Claim 8 

Dependent claim 8 depends from claim 1, thus inheriting all of the limitations of that 
independent claim. As noted above, Holloway does not teach every element of independent 
claim 1. Consequently, Holloway also fails to teach every element of dependent claim 8.
Moreover, claim 8 recites additional limitations not taught by Holloway. 

For example, claim 8 recites "a network-based intrusion protection system appliance 
dedicated to filtering inbound and outbound data frames transmitted across the network 
medium." The Examiner relies upon Holloway's network management station as meeting the
claimed network-based intrusion protection system appliance. Final Office Action, page 5.
However, there is no indication that Holloway's network management station is an intrusion
protection appliance. Furthermore, the section of Holloway cited by the Examiner merely 
discloses transmitting and receiving a discovery request frame in order to build an 
interconnect device list. Holloway, column 18, lines 10-13. Appellant respectfully points out 
that such steps are performed by a managed hub, and not by the network management station. 
See e.g., Holloway, column 3, lines 32. 

Accordingly, for the reasons discussed above, Holloway fails to teach all elements of 
claim 8. Therefore, Appellant respectfully requests that the Board overturn the rejection of 
record with respect to claim 8. 

3. Dependent Claim 9 

Dependent claim 9 depends indirectly from claim 1, thus inheriting all of the 
limitations of that independent claim. As noted above, Holloway does not teach every 
element of independent claim 1. Consequently, Holloway also fails to teach every element of
dependent claim 9. Moreover, claim 9 recites additional limitations not taught by Holloway. 

For example, claim 9 recites that "the network-based intrusion protection system 
appliance interfaces with the network medium via a network interface card operating in 
promiscuous mode." As previously noted, Holloway does not teach, or even suggest, an 
intrusion protection system appliance, much less an intrusion protection system appliance that
interfaces with the network medium via a network interface card operating in promiscuous 
mode, as recited in claim 9. 

Accordingly, for the reasons discussed above, Holloway fails to teach all elements of 
claim 9. Therefore, Appellant respectfully requests that the Board overturn the rejection of 
record with respect to claim 9. 

4. Dependent Claim 10 

Dependent claim 10 depends indirectly from claim 1, thus inheriting all of the 
limitations of that independent claim. As noted above, Holloway does not teach every 
element of independent claim 1. Consequently, Holloway also fails to teach every element of
dependent claim 10. Moreover, claim 10 recites additional limitations not taught by 
Holloway. 

For example, claim 10 recites that "the network-based intrusion protection system 
appliance shares [an] identification." Applicant points out that claim 1, from which claim 10 
depends, provides that the identification is assigned based on a logical assignment grouping 
one or more of the plurality of nodes, each node sharing an identification being commonly 
vulnerable to at least one network exploit. As previously noted, Holloway does not teach, or 
even suggest, an intrusion protection system appliance, much less an intrusion protection 
system appliance that shares an identification assigned based on a logical assignment 
grouping one or more of the plurality of nodes, each node sharing an identification being 
commonly vulnerable to at least one network exploit, as recited in claim 10. 

Accordingly, for the reasons discussed above, Holloway fails to teach all elements of
claim 10. Therefore, Appellant respectfully requests that the Board overturn the rejection of 
record with respect to claim 10. 

VIII. CLAIMS APPENDIX

Claims Involved in the Appeal of Application Serial No. 10/001,446: 

1. A network having an intrusion protection system, comprising:
a network medium; 

a management node connected to the network medium and running an intrusion 
prevention system management application; and 

a plurality of nodes connected to the network medium and running an instance of an 
intrusion protection system application, at least one of the nodes having an identification 
assigned thereto based on a logical assignment grouping one or more of the plurality of 
nodes, each node sharing an identification being commonly vulnerable to at least one network 
exploit. 

2. The network according to claim 1 wherein the management node is operable 
to originate a security update that is transmitted to each node sharing the identification, any 
remaining nodes not sharing the identification being excluded from receiving the update. 

3. The network according to claim 1 wherein a plurality of identifications are 
respectively assigned to one or more of the plurality of nodes. 

4. The network according to claim 1 wherein the identification is an Internet 
Protocol multicast group identification. 

5. The network according to claim 2 further comprising: 
a plurality of network mediums; and 

at least one router, the management node and the plurality of nodes each respectively 
connected to one of the plurality of network mediums in the network, the router disposed 
intermediate the plurality of network mediums and operable to forward the security update 
from the network medium having the management node connected thereto to any nodes 
connected to the remaining network mediums and sharing the identification. 

6. The network according to claim 5 wherein the router determines whether any
of the plurality of nodes connected to the remaining network mediums share the identification
through implementation of the Internet group management protocol.

7. The network according to claim 1 wherein the network medium is an Ethernet. 

8. The network according to claim 1 further comprising a network-based 
intrusion protection system appliance dedicated to filtering inbound and outbound data 
frames transmitted across the network medium. 

9. The network according to claim 8 wherein the network-based intrusion 
protection system appliance interfaces with the network medium via a network interface card 
operating in promiscuous mode. 

10. The network according to claim 8 wherein the network-based intrusion 
protection system appliance shares the identification. 

IX. EVIDENCE APPENDIX

NONE. 